[Freeipa-users] IMPORTANT: FreeIPA upgrade broken in Fedora 23

John Obaterspok john.obaterspok at gmail.com
Thu Nov 5 16:07:11 UTC 2015 

2015-11-05 12:26 GMT+01:00 Alexander Bokovoy <abokovoy at redhat.com>:

> On Thu, 05 Nov 2015, John Obaterspok wrote:
>
>> Hi,
>>
>> I waited a couple of days and when "dnf list freeipa-server
>> --releasever=23" said 4.2.3 I hit the upgrade. Unfortunately I noticed to
>> late that I received 4.2.2 during "dnf system-upgrade".
>>
>> Any ideas how to get it going again? Or is it easier to start from scratch
>> if I only have ~ 10 IPA clients?
>>
> Did you already upgrade to 4.2.3? Make sure you have
> pki-core-10.2.6-12.fc23 and freeipa 4.2.3-1.fc23, run
> ipa-server-upgrade. It should be able to recover.
>
>
Hi Alexander,

Untfortunatly not, it's not able to recover:

#####  rpm -q pki-base freeipa-server
pki-base-10.2.6-12.fc23.noarch
freeipa-server-4.2.3-1.fc23.x86_64

(Note I have pki-base, not pki-core... but I guess that was what you ment)

#####  ipa-server-upgrade
session memcached servers not running
Missing version: no platform stored
Upgrading IPA:
  [1/8]: saving configuration
  [2/8]: disabling listeners
  [3/8]: enabling DS global lock
  [4/8]: starting directory server
  [error] CalledProcessError: Command ''/bin/systemctl' 'start'
'dirsrv at MY-LAN.service'' returned non-zero exit status 1
  [cleanup]: stopping directory server
  [cleanup]: restoring configuration
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: Command ''/bin/systemctl' 'start' 'dirsrv at MY-LAN.service''
returned non-zero exit status 1

ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] - Cannot find parent attribute
type "ipaPublicKey"
ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse_read_one_file - The entry
cn=schema in file /etc/dirsrv/slapd-MY-LAN/schema/99user.ldif (lineno: 1)
is invalid, error code 21 (
ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse - Please edit the file to
correct the reported problems and then restart the server.
systemd[1]: dirsrv at MY-LAN.service: Control process exited, code=exited
status=1

##### 99user.ldif first lines has the following
dn: cn=schema
objectclass: top
objectclass: ldapSubentry
objectclass: subschema
cn: schema
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl
"anonymous, no acis"; allow (read, search, compare) userdn =
"ldap:///anyone";)
modifiersname: cn=Directory Manager


Any ideas?

-- john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151105/897c9fb9/attachment.htm>

More information about the Freeipa-users mailing list